[2330] in WWW Security List Archive


Re: Email Hack: Help.

daemon@ATHENA.MIT.EDU (David Greenberg)
Fri Jul 5 21:14:28 1996

Date: Fri, 05 Jul 1996 18:11:45 -0500
To: www-security@ns2.rutgers.edu
From: David Greenberg <davidg@memco.com>
Errors-To: owner-www-security@ns2.rutgers.edu

Doug Breault wrote:
=>
=>Hello Everyone,
=>
=>We've got a problem here with a hacker. There's some punk
=>apparently hacking a mail server somewhere and sending BS postings all over
=>the net regarding get rich quick schemes, etc - from a non-existent
=>account on our server. They've done it twice so far, from two different
=>non-existent accounts.

=>2. What are the methods one uses to fake these FROM fields? And is
=>   there a way to prevent it?

As another respondent already indicated, someone with the technical know-how
can basically make email appear to come from just about anywhere.

However, email that is digitally signed (using pgp, for example) is much
harder to "spoof."  That would require knowledge of or the ability to crack
a private key.  Of course, it also requires you to ensure that your email is
always "signed."

If your email is digitally signed, it would be easier for you to refute
ownership of the bogus mail you refer to.  And, using the appropriate
filters, you could just drop replies to the non-existent email aliases on
your systems.  It's not a perfect solution, but it should keep you out of
legal woes.



 |/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|
  David Greenberg                       Memco Software
  (312) 388-3012/3015 (FAX)             (800) 560-9361 
 |/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|
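
The filtering idea in the reply above, sketched as an added example that is not part of the original post: decide whether an inbound reply or bounce is addressed only to local aliases that do not exist, and drop it if so. The domain, the account list and the sample messages are constructed assumptions, and a production filter would match the SMTP envelope recipient at the mail server rather than the To/Cc headers used here.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed site configuration (hypothetical values, not from the original post).
LOCAL_DOMAIN = "example.org"
VALID_LOCAL_PARTS = {"postmaster", "doug", "webmaster"}

# Constructed sample messages: replies and a bounce provoked by forged From lines.
REPLY_TO_FAKE = ('From: Angry Reader <reader@example.net>\n'
                 'To: "Rich Quick" <richquick@EXAMPLE.ORG>\n'
                 'Subject: Re: MAKE MONEY FAST\n\nStop sending this.\n')
REPLY_TO_MIXED = ('From: reader@example.net\n'
                  'To: richquick@example.org\nCc: Doug <Doug@example.org>\n'
                  'Subject: Re: MAKE MONEY FAST\n\nIs this account yours?\n')
BOUNCE_TO_FAKE = ('From: MAILER-DAEMON@example.net\n'
                  'To: fastcash@example.org\n'
                  'Subject: Undeliverable mail\n\nUser unknown.\n')
OUTSIDE_MAIL = ('From: a@example.net\nTo: b@example.com\n'
                'Subject: hello\n\nNot addressed to us.\n')

def local_recipients(msg):
    """Return the lower-cased local part of every To/Cc address at our domain."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    found = []
    for _name, addr in getaddresses(headers):
        local, sep, domain = addr.rpartition("@")
        # Domains compare case-insensitively; treating local parts the same
        # way is a site policy assumed here.
        if sep and domain.lower() == LOCAL_DOMAIN:
            found.append(local.lower())
    return found

def disposition(raw):
    """Return 'drop' only when every addressed local account is non-existent."""
    rcpts = local_recipients(message_from_string(raw))
    if not rcpts:
        return "deliver"   # nothing for our domain in the headers
    if any(local in VALID_LOCAL_PARTS for local in rcpts):
        return "deliver"   # at least one real account is addressed
    return "drop"          # reply or bounce aimed at an invented alias

if __name__ == "__main__":
    for name in ("REPLY_TO_FAKE", "REPLY_TO_MIXED", "BOUNCE_TO_FAKE", "OUTSIDE_MAIL"):
        print(name, disposition(globals()[name]))
```
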



